HiveMQ Broker disconnects after MQTT publish

We successfully connect our device (using mbedTLS - TLS 1.2) to HiveMQ Public Broker for tests.
However right after we publish an MQTT message from this device, HiveMQ broker disconnects.
What are the possible reasons behind making HiveMQ Broker to close the connection after the (successful) publish?

mbedTLS confirms that the message was published but we don’t see it in the MQTT client.

Important: this code works against other MQTT brokers using TLS 1.2.

Here’s a breakdown of the key steps in our mbedTLS flow:

  1. Encryption of Data Before Sending:

• before encrypt: msglen = 4, including 0 bytes of padding: mbedTLS is about to encrypt a message of length 4 bytes without any padding.

• <= encrypt buf: Encryption of the message buffer is complete.

  1. Preparing the Record for Sending:

• output record: msgtype = 23, version = [3:3], msglen = 28: mbedTLS is creating an output record of type 23 (which indicates “Application Data” in SSL/TLS) and version TLS 1.2 (3:3). The message length after encryption is 28 bytes.

• => flush output: mbedTLS begins sending the data.

• ssl->f_send() returned 33: The f_send() function successfully sent 33 bytes.

  1. Receiving Data:

• => read: mbedTLS begins reading data from the peer.

• => read record: It’s waiting for a record from the other side.

• => fetch input: mbedTLS fetches incoming data, requesting 5 bytes at first (which is typically the header of the SSL/TLS record).

• ssl->f_recv(_timeout)() returned 5: 5 bytes were successfully received.

• input record: msgtype = 21, version = [0x303], msglen = 26: A record of type 21 (alert message) is received with version TLS 1.2 and a length of 26 bytes.

• ssl->f_recv(_timeout)() returned 26: The remaining 26 bytes of the message were successfully fetched.

  1. Handling an Alert Message:

• got an alert message, type: [1:0]: mbedTLS has received an alert message. The alert type [1:0] indicates a “close notify” message, meaning the peer is signaling the intention to close the connection.

• is a close notify message: mbedTLS recognizes this as a “close notify” alert.

• mbedtls_ssl_handle_message_type() returned -30848 (-0x7880): The handling of this message results in an error code indicating the connection closure. The error code -30848 (-0x7880) is a known mbedTLS error for a close notify alert.

  1. Closing the Connection:

• mbedtls_ssl_read_record() returned -30848 (-0x7880): The connection is closed after reading the “close notify” message.

• Call to receiveSingleIteration failed. Status=MQTTRecvFailed: This indicates that the MQTT client attempted to read data but failed due to the closed SSL/TLS connection.

• Disconnected from the broker: The MQTT client recognizes the connection to the broker has been closed.

  1. Post-Disconnection Record Writing:

• After disconnection, mbedTLS logs show additional attempts to send a record (likely a final message or handshake closure):

• before encrypt: msglen = 2, including 0 bytes of padding: A message of length 2 bytes is prepared for encryption.

• output record: msgtype = 23, version = [3:3], msglen = 26: An application data record is prepared for sending.

• ssl->f_send() returned 31: 31 bytes were successfully sent.

• However, the MQTT client still logs disconnection from the broker (Disconnected from the broker), confirming the connection was closed.

Summary:

• The mbedTLS flow shows the standard SSL/TLS encryption process, sending an application data record, receiving an alert (close notify), and handling connection termination gracefully.

• The MQTT client detected the connection close and handled it accordingly.

Hi @rodmaz

Greetings and welcome to the HiveMQ Community! It’s great to have you here, especially with your interest in MQTT and the HiveMQ broker. We’re always happy to see new users like you.

Thank you for your inquiry regarding the disconnection issue you encountered with the HiveMQ broker. We understand how disruptive this can be to your work.

Considering the date you reached out and the details you provided, it’s possible that the public broker was experiencing a Distributed Denial of Service attack at that time. Such attacks can temporarily overwhelm the broker, leading to unexpected disconnections for clients.

We recommend trying to reconnect and publish your messages again.

Thank you
Best regards,
Dasha from The HiveMQ Team

Still no luck. :frowning_face:
We can successfully connect to the HiveMQ broker and it works just fine.
As soon as we publish in our topic data/445753099793/swxb-918-f412fad6963c, broker disconnects.
We set up very long timeouts in TLS but it does not matter.

Same code works on EMQX and AWS MQTT brokers though.

Hello @rodmaz ,

Thank you for the follow-up!

Could I have you confirm the payload size that is currently being used when testing this publish? It sounds like, based on the initial details provided, that this payload is small (less than a KB in size), but I’d like to confirm.

Additionally, if you could possibly include the full client log, including the indicated disconnect, this may help us investigate further as we review.

As an extra test, I would recommend testing with the Serverless (Free) version of HiveMQ Cloud, as well, to validate if there are still any errors encountered when utilizing this service - this can be found directly here.

Best,
Aaron from the HiveMQ Team

Hi @AaronTLFranz

Sure, the payload is rather small. Much much less than 1 Kb.
As long as we do not publish any MQTT message, the connection remains connected seamlessly.
The connection is however closed by the HiveMQ broker right after the first publish.

I (42629) mbedtls: ssl_msg.c:5092 0x3fcb4954: got an alert message, type: [1:0]
I (42639) mbedtls: ssl_msg.c:5106 0x3fcb4954: is a close notify message
W (42649) mbedtls: ssl_msg.c:4244 0x3fcb4954: mbedtls_ssl_handle_message_type() returned -30848 (-0x7880)
W (42659) mbedtls: ssl_msg.c:5842 0x3fcb4954: mbedtls_ssl_read_record() returned -30848 (-0x7880)
E (42669) NETWORK-TRANSPORT: connection closed
E (42669) coreMQTT: Call to receiveSingleIteration failed. Status=MQTTRecvFailed

See the full trace logging below.

...
I (29569) mbedtls: ssl_msg.c:2353 0x3fcb4954: => flush output

I (29569) mbedtls: ssl_msg.c:2362 0x3fcb4954: <= flush output

I (29579) mbedtls: ssl_tls.c:4525 0x3fcb4954: client state: MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC

I (29589) mbedtls: ssl_msg.c:5211 0x3fcb4954: => parse change cipher spec

I (29599) mbedtls: ssl_msg.c:4189 0x3fcb4954: => read record

I (29609) mbedtls: ssl_msg.c:2155 0x3fcb4954: => fetch input

I (29609) mbedtls: ssl_msg.c:2295 0x3fcb4954: in_left: 0, nb_want: 5

I (29749) mbedtls: ssl_msg.c:2315 0x3fcb4954: in_left: 0, nb_want: 5

I (29749) mbedtls: ssl_msg.c:2318 0x3fcb4954: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

I (29759) mbedtls: ssl_msg.c:2340 0x3fcb4954: <= fetch input

D (29769) mbedtls: ssl_msg.c:3857 0x3fcb4954: input record: msgtype = 20, version = [0x303], msglen = 1

I (29779) mbedtls: ssl_msg.c:2155 0x3fcb4954: => fetch input

I (29779) mbedtls: ssl_msg.c:2295 0x3fcb4954: in_left: 5, nb_want: 6

I (29789) mbedtls: ssl_msg.c:2315 0x3fcb4954: in_left: 5, nb_want: 6

I (29799) mbedtls: ssl_msg.c:2318 0x3fcb4954: ssl->f_recv(_timeout)() returned 1 (-0xffffffff)

I (29809) mbedtls: ssl_msg.c:2340 0x3fcb4954: <= fetch input

I (29809) mbedtls: ssl_msg.c:4261 0x3fcb4954: <= read record

D (29819) mbedtls: ssl_msg.c:5232 0x3fcb4954: switching to new transform spec for inbound data

I (29829) mbedtls: ssl_msg.c:5259 0x3fcb4954: <= parse change cipher spec

I (29839) mbedtls: ssl_msg.c:2353 0x3fcb4954: => flush output

I (29839) mbedtls: ssl_msg.c:2362 0x3fcb4954: <= flush output

I (29849) mbedtls: ssl_tls.c:4525 0x3fcb4954: client state: MBEDTLS_SSL_SERVER_FINISHED

I (29859) mbedtls: ssl_tls.c:8645 0x3fcb4954: => parse finished

I (29859) mbedtls: ssl_tls.c:8364 0x3fcb4954: => calc finished tls

D (29869) mbedtls: ssl_tls.c:8391 0x3fcb4954: dumping 'calc finished result' (12 bytes)

D (29879) mbedtls: ssl_tls.c:8391 0x3fcb4954: 0000:  4c e8 d8 3e 97 16 f1 4f 8b 0b 4e 8d              L..>...O..N.

I (29889) mbedtls: ssl_tls.c:8395 0x3fcb4954: <= calc finished

I (29899) mbedtls: ssl_msg.c:4189 0x3fcb4954: => read record

I (29899) mbedtls: ssl_msg.c:2155 0x3fcb4954: => fetch input

I (29909) mbedtls: ssl_msg.c:2295 0x3fcb4954: in_left: 0, nb_want: 5

I (29919) mbedtls: ssl_msg.c:2315 0x3fcb4954: in_left: 0, nb_want: 5

I (29919) mbedtls: ssl_msg.c:2318 0x3fcb4954: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

I (29929) mbedtls: ssl_msg.c:2340 0x3fcb4954: <= fetch input

D (29939) mbedtls: ssl_msg.c:3857 0x3fcb4954: input record: msgtype = 22, version = [0x303], msglen = 40

I (29949) mbedtls: ssl_msg.c:2155 0x3fcb4954: => fetch input

I (29959) mbedtls: ssl_msg.c:2295 0x3fcb4954: in_left: 5, nb_want: 45

I (29959) mbedtls: ssl_msg.c:2315 0x3fcb4954: in_left: 5, nb_want: 45

I (29969) mbedtls: ssl_msg.c:2318 0x3fcb4954: ssl->f_recv(_timeout)() returned 40 (-0xffffffd8)

I (29979) mbedtls: ssl_msg.c:2340 0x3fcb4954: <= fetch input

I (29989) mbedtls: ssl_msg.c:1510 0x3fcb4954: => decrypt buf

I (29989) mbedtls: ssl_msg.c:2121 0x3fcb4954: <= decrypt buf

D (29999) mbedtls: ssl_msg.c:3231 0x3fcb4954: handshake message: msglen = 16, type = 20, hslen = 16

I (30009) mbedtls: ssl_msg.c:4261 0x3fcb4954: <= read record

I (30019) mbedtls: ssl_tls.c:8715 0x3fcb4954: <= parse finished

I (30019) mbedtls: ssl_msg.c:2353 0x3fcb4954: => flush output

I (30029) mbedtls: ssl_msg.c:2362 0x3fcb4954: <= flush output

I (30039) mbedtls: ssl_tls.c:4525 0x3fcb4954: client state: MBEDTLS_SSL_FLUSH_BUFFERS

I (30039) mbedtls: ssl_tls12_client.c:3585 0x3fcb4954: handshake: done

I (30049) mbedtls: ssl_msg.c:2353 0x3fcb4954: => flush output

I (30059) mbedtls: ssl_msg.c:2362 0x3fcb4954: <= flush output

I (30069) mbedtls: ssl_tls.c:4525 0x3fcb4954: client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP

D (30069) mbedtls: ssl_tls.c:8468 0x3fcb4954: => handshake wrapup

D (30079) mbedtls: ssl_tls.c:8442 0x3fcb4954: => handshake wrapup: final free

D (30089) mbedtls: ssl_tls.c:8461 0x3fcb4954: <= handshake wrapup: final free

D (30099) mbedtls: ssl_tls.c:8522 0x3fcb4954: <= handshake wrapup

I (30099) mbedtls: ssl_tls.c:4617 0x3fcb4954: <= handshake

D (30109) MQTT-AGENT: (swx_mqtt_agent_connect)(C0) secure TLS connection with MQTT broker established
D (30149) MQTT-AGENT: (swx_mqtt_agent_connect)(C0) establishing (clean) MQTT connection; client-id: swxb-918-f412fad6963c; username: 445753099793; keep-alive: 60 seconds
I (30169) mbedtls: ssl_msg.c:6044 0x3fcb4954: => write

I (30169) mbedtls: ssl_msg.c:2943 0x3fcb4954: => write record

I (30179) mbedtls: ssl_msg.c:935 0x3fcb4954: => encrypt buf

D (30179) mbedtls: ssl_msg.c:1189 0x3fcb4954: before encrypt: msglen = 13, including 0 bytes of padding

I (30189) mbedtls: ssl_msg.c:1474 0x3fcb4954: <= encrypt buf

D (30199) mbedtls: ssl_msg.c:3027 0x3fcb4954: output record: msgtype = 23, version = [3:3], msglen = 37

I (30209) mbedtls: ssl_msg.c:2353 0x3fcb4954: => flush output

I (30219) mbedtls: ssl_msg.c:2367 0x3fcb4954: message length: 42, out_left: 42

I (30229) mbedtls: ssl_msg.c:2374 0x3fcb4954: ssl->f_send() returned 42 (-0xffffffd6)

I (30229) mbedtls: ssl_msg.c:2401 0x3fcb4954: <= flush output

I (30239) mbedtls: ssl_msg.c:3080 0x3fcb4954: <= write record

I (30249) mbedtls: ssl_msg.c:6066 0x3fcb4954: <= write

I (30249) mbedtls: ssl_msg.c:6044 0x3fcb4954: => write

I (30259) mbedtls: ssl_msg.c:2943 0x3fcb4954: => write record

I (30259) mbedtls: ssl_msg.c:935 0x3fcb4954: => encrypt buf

D (30269) mbedtls: ssl_msg.c:1189 0x3fcb4954: before encrypt: msglen = 2, including 0 bytes of padding

I (30279) mbedtls: ssl_msg.c:1474 0x3fcb4954: <= encrypt buf

D (30289) mbedtls: ssl_msg.c:3027 0x3fcb4954: output record: msgtype = 23, version = [3:3], msglen = 26

I (30299) mbedtls: ssl_msg.c:2353 0x3fcb4954: => flush output

I (30299) mbedtls: ssl_msg.c:2367 0x3fcb4954: message length: 31, out_left: 31

I (30309) mbedtls: ssl_msg.c:2374 0x3fcb4954: ssl->f_send() returned 31 (-0xffffffe1)

I (30319) mbedtls: ssl_msg.c:2401 0x3fcb4954: <= flush output

I (30329) mbedtls: ssl_msg.c:3080 0x3fcb4954: <= write record

I (30329) mbedtls: ssl_msg.c:6066 0x3fcb4954: <= write

I (30339) mbedtls: ssl_msg.c:6044 0x3fcb4954: => write

I (30339) mbedtls: ssl_msg.c:2943 0x3fcb4954: => write record

I (30349) mbedtls: ssl_msg.c:935 0x3fcb4954: => encrypt buf

D (30359) mbedtls: ssl_msg.c:1189 0x3fcb4954: before encrypt: msglen = 21, including 0 bytes of padding

I (30369) mbedtls: ssl_msg.c:1474 0x3fcb4954: <= encrypt buf

D (30369) mbedtls: ssl_msg.c:3027 0x3fcb4954: output record: msgtype = 23, version = [3:3], msglen = 45

I (30379) mbedtls: ssl_msg.c:2353 0x3fcb4954: => flush output

I (30389) mbedtls: ssl_msg.c:2367 0x3fcb4954: message length: 50, out_left: 50

I (30399) mbedtls: ssl_msg.c:2374 0x3fcb4954: ssl->f_send() returned 50 (-0xffffffce)

I (30409) mbedtls: ssl_msg.c:2401 0x3fcb4954: <= flush output

I (30409) mbedtls: ssl_msg.c:3080 0x3fcb4954: <= write record

I (30419) mbedtls: ssl_msg.c:6066 0x3fcb4954: <= write

I (30429) mbedtls: ssl_msg.c:6044 0x3fcb4954: => write

I (30429) mbedtls: ssl_msg.c:2943 0x3fcb4954: => write record

I (30439) mbedtls: ssl_msg.c:935 0x3fcb4954: => encrypt buf

D (30449) mbedtls: ssl_msg.c:1189 0x3fcb4954: before encrypt: msglen = 2, including 0 bytes of padding

I (30449) mbedtls: ssl_msg.c:1474 0x3fcb4954: <= encrypt buf

D (30459) mbedtls: ssl_msg.c:3027 0x3fcb4954: output record: msgtype = 23, version = [3:3], msglen = 26

I (30469) mbedtls: ssl_msg.c:2353 0x3fcb4954: => flush output

I (30479) mbedtls: ssl_msg.c:2367 0x3fcb4954: message length: 31, out_left: 31

I (30489) mbedtls: ssl_msg.c:2374 0x3fcb4954: ssl->f_send() returned 31 (-0xffffffe1)

I (30489) mbedtls: ssl_msg.c:2401 0x3fcb4954: <= flush output

I (30499) mbedtls: ssl_msg.c:3080 0x3fcb4954: <= write record

I (30509) mbedtls: ssl_msg.c:6066 0x3fcb4954: <= write

I (30509) mbedtls: ssl_msg.c:6044 0x3fcb4954: => write

I (30519) mbedtls: ssl_msg.c:2943 0x3fcb4954: => write record

I (30529) mbedtls: ssl_msg.c:935 0x3fcb4954: => encrypt buf

D (30529) mbedtls: ssl_msg.c:1189 0x3fcb4954: before encrypt: msglen = 12, including 0 bytes of padding

I (30539) mbedtls: ssl_msg.c:1474 0x3fcb4954: <= encrypt buf

D (30549) mbedtls: ssl_msg.c:3027 0x3fcb4954: output record: msgtype = 23, version = [3:3], msglen = 36

I (30559) mbedtls: ssl_msg.c:2353 0x3fcb4954: => flush output

I (30559) mbedtls: ssl_msg.c:2367 0x3fcb4954: message length: 41, out_left: 41

I (30569) mbedtls: ssl_msg.c:2374 0x3fcb4954: ssl->f_send() returned 41 (-0xffffffd7)

I (30579) mbedtls: ssl_msg.c:2401 0x3fcb4954: <= flush output

I (30589) mbedtls: ssl_msg.c:3080 0x3fcb4954: <= write record

I (30589) mbedtls: ssl_msg.c:6066 0x3fcb4954: <= write

I (30599) mbedtls: ssl_msg.c:6044 0x3fcb4954: => write

I (30609) mbedtls: ssl_msg.c:2943 0x3fcb4954: => write record

I (30609) mbedtls: ssl_msg.c:935 0x3fcb4954: => encrypt buf

D (30619) mbedtls: ssl_msg.c:1189 0x3fcb4954: before encrypt: msglen = 2, including 0 bytes of padding

I (30629) mbedtls: ssl_msg.c:1474 0x3fcb4954: <= encrypt buf

D (30639) mbedtls: ssl_msg.c:3027 0x3fcb4954: output record: msgtype = 23, version = [3:3], msglen = 26

I (30649) mbedtls: ssl_msg.c:2353 0x3fcb4954: => flush output

I (30649) mbedtls: ssl_msg.c:2367 0x3fcb4954: message length: 31, out_left: 31

I (30659) mbedtls: ssl_msg.c:2374 0x3fcb4954: ssl->f_send() returned 31 (-0xffffffe1)

I (30669) mbedtls: ssl_msg.c:2401 0x3fcb4954: <= flush output

I (30679) mbedtls: ssl_msg.c:3080 0x3fcb4954: <= write record

I (30679) mbedtls: ssl_msg.c:6066 0x3fcb4954: <= write

I (30689) mbedtls: ssl_msg.c:6044 0x3fcb4954: => write

I (30689) mbedtls: ssl_msg.c:2943 0x3fcb4954: => write record

I (30699) mbedtls: ssl_msg.c:935 0x3fcb4954: => encrypt buf

D (30709) mbedtls: ssl_msg.c:1189 0x3fcb4954: before encrypt: msglen = 932, including 0 bytes of padding

I (30719) mbedtls: ssl_msg.c:1474 0x3fcb4954: <= encrypt buf

D (30719) mbedtls: ssl_msg.c:3027 0x3fcb4954: output record: msgtype = 23, version = [3:3], msglen = 956

I (30729) mbedtls: ssl_msg.c:2353 0x3fcb4954: => flush output

I (30739) mbedtls: ssl_msg.c:2367 0x3fcb4954: message length: 961, out_left: 961

I (30749) mbedtls: ssl_msg.c:2374 0x3fcb4954: ssl->f_send() returned 961 (-0xfffffc3f)

I (30759) mbedtls: ssl_msg.c:2401 0x3fcb4954: <= flush output

I (30759) mbedtls: ssl_msg.c:3080 0x3fcb4954: <= write record

I (30769) mbedtls: ssl_msg.c:6066 0x3fcb4954: <= write

I (30779) mbedtls: ssl_msg.c:5782 0x3fcb4954: => read

I (30779) mbedtls: ssl_msg.c:4189 0x3fcb4954: => read record

I (30789) mbedtls: ssl_msg.c:2155 0x3fcb4954: => fetch input

I (30789) mbedtls: ssl_msg.c:2295 0x3fcb4954: in_left: 0, nb_want: 5

I (30799) mbedtls: ssl_msg.c:2315 0x3fcb4954: in_left: 0, nb_want: 5

I (31159) mbedtls: ssl_msg.c:5782 0x3fcb4954: => read

I (31159) mbedtls: ssl_msg.c:4189 0x3fcb4954: => read record

I (31159) mbedtls: ssl_msg.c:2155 0x3fcb4954: => fetch input

I (31159) mbedtls: ssl_msg.c:2295 0x3fcb4954: in_left: 0, nb_want: 5

I (31169) mbedtls: ssl_msg.c:2315 0x3fcb4954: in_left: 0, nb_want: 5

I (31179) mbedtls: ssl_msg.c:2318 0x3fcb4954: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

I (31189) mbedtls: ssl_msg.c:2340 0x3fcb4954: <= fetch input

D (31189) mbedtls: ssl_msg.c:3857 0x3fcb4954: input record: msgtype = 23, version = [0x303], msglen = 28

I (31199) mbedtls: ssl_msg.c:2155 0x3fcb4954: => fetch input

I (31209) mbedtls: ssl_msg.c:2295 0x3fcb4954: in_left: 5, nb_want: 33

I (31219) mbedtls: ssl_msg.c:2315 0x3fcb4954: in_left: 5, nb_want: 33

I (31219) mbedtls: ssl_msg.c:2318 0x3fcb4954: ssl->f_recv(_timeout)() returned 28 (-0xffffffe4)

I (31229) mbedtls: ssl_msg.c:2340 0x3fcb4954: <= fetch input

I (31239) mbedtls: ssl_msg.c:1510 0x3fcb4954: => decrypt buf

I (31249) mbedtls: ssl_msg.c:2121 0x3fcb4954: <= decrypt buf

I (31249) mbedtls: ssl_msg.c:4261 0x3fcb4954: <= read record

I (31259) mbedtls: ssl_msg.c:5942 0x3fcb4954: <= read

I (31269) mbedtls: ssl_msg.c:5782 0x3fcb4954: => read

I (31269) mbedtls: ssl_msg.c:5942 0x3fcb4954: <= read

I (31279) mbedtls: ssl_msg.c:5782 0x3fcb4954: => read

I (31279) mbedtls: ssl_msg.c:5942 0x3fcb4954: <= read

I (31289) MQTT-AGENT: (swx_mqtt_agent_connect)(C0) connected successfully to MQTT broker: client ID: 'swxb-918-f412fad6963c', keep-alive: 60 secs, session_present: false

I (31349) mbedtls: ssl_msg.c:5782 0x3fcb4954: => read

I (31349) mbedtls: ssl_msg.c:4189 0x3fcb4954: => read record

I (31359) mbedtls: ssl_msg.c:2155 0x3fcb4954: => fetch input

I (31369) mbedtls: ssl_msg.c:2295 0x3fcb4954: in_left: 0, nb_want: 5

I (31369) mbedtls: ssl_msg.c:2315 0x3fcb4954: in_left: 0, nb_want: 5

D (41329) GATEWAY: (swx_gateway_set_next_state)(C0) transitioning from SWX_GATEWAY_STATE_MQTT_PROCESSING --> SWX_GATEWAY_STATE_MQTT_PUBLISHING_UPLINK_DATA
I (41359) mbedtls: ssl_msg.c:6044 0x3fcb4954: => write

I (41359) mbedtls: ssl_msg.c:2943 0x3fcb4954: => write record

I (41359) mbedtls: ssl_msg.c:935 0x3fcb4954: => encrypt buf

D (41359) mbedtls: ssl_msg.c:1189 0x3fcb4954: before encrypt: msglen = 2, including 0 bytes of padding

I (41369) mbedtls: ssl_msg.c:1474 0x3fcb4954: <= encrypt buf

D (41379) mbedtls: ssl_msg.c:3027 0x3fcb4954: output record: msgtype = 23, version = [3:3], msglen = 26

I (41389) mbedtls: ssl_msg.c:2353 0x3fcb4954: => flush output

I (41399) mbedtls: ssl_msg.c:2367 0x3fcb4954: message length: 31, out_left: 31

I (41409) mbedtls: ssl_msg.c:2374 0x3fcb4954: ssl->f_send() returned 31 (-0xffffffe1)

I (41409) mbedtls: ssl_msg.c:2401 0x3fcb4954: <= flush output

I (41419) mbedtls: ssl_msg.c:3080 0x3fcb4954: <= write record

I (41429) mbedtls: ssl_msg.c:6066 0x3fcb4954: <= write

I (41439) mbedtls: ssl_msg.c:5782 0x3fcb4954: => read

I (41439) mbedtls: ssl_msg.c:4189 0x3fcb4954: => read record

I (41449) mbedtls: ssl_msg.c:2155 0x3fcb4954: => fetch input

I (41449) mbedtls: ssl_msg.c:2295 0x3fcb4954: in_left: 0, nb_want: 5

I (41459) mbedtls: ssl_msg.c:2315 0x3fcb4954: in_left: 0, nb_want: 5

V (41539) GATEWAY: (swx_gateway_prepare_submit_uplink_data)(C0) payload:
{"gatewayId":"swxb-918-f412fad6963c","gatewayType":"mobile","timestamp":1730742639065,"packets":[{"aliasBridgeId":"ef2a36a0ec7f","timestamp":1730742630266,"sequenceId":0,"rssi":40,"payload":"1e16c6fc02003f142be7aabb9f1b2b2768000970579241341ef9e66b32975d"},{"aliasBridgeId":"ef2a36a0ec7f","timestamp":1730742630403,"sequenceId":1,"rssi":40,"payload":"1e16c6fc02003f2d24b3912545f9fbb6b101090c2528776e8d6f98d5c4db90"},{"aliasBridgeId":"ef2a36a0ec7f","timestamp":1730742631596,"sequenceId":2,"rssi":52,"payload":"1e16c6fc02003f925b4849009788ac3f58000918dcb118760bb966f1f5c574"},{"aliasBridgeId":"344df795c404","timestamp":1730742632919,"sequenceId":3,"rssi":76,"payload":"1e16c6fc020000142be7aabb9f1b2b27689ca627579241341ef9e66b32975d"},{"aliasBridgeId":"344df795c404","timestamp":1730742632936,"sequenceId":4,"rssi":75,"payload":"1e16c6fc0000ec420df38f104b00005200000000000000000000006b32975d"},{"aliasBridgeId":"ef2a36a0ec7f","timestamp":1730742633438,"sequenceId":5,"rssi":53,"payload":"1e16c6fc02003f76b29328b18ac69ce71a00094cffd20cdb9e7b9c5f438c0a"},{"aliasBridgeId":"ef2a36a0ec7f","timestamp":1730742633533,"sequenceId":6,"rssi":53,"payload":"1e16c6fc0000ee020ad36f2a36a0ec7f7981a088499e31b6c58b8c00030100"},{"aliasBridgeId":"ef2a36a0ec7f","timestamp":1730742635371,"sequenceId":7,"rssi":50,"payload":"1e16c6fc02003fca480d2b7cd97414a867000910a85709152790c19ff5710d"},{"aliasBridgeId":"ef2a36a0ec7f","timestamp":1730742636603,"sequenceId":8,"rssi":42,"payload":"1e16c6fc02003f49ed64a472c501225b0c00090c7b2d0316d8f4ce0ec0b8ec"},{"aliasBridgeId":"ef2a36a0ec7f","timestamp":1730742637739,"sequenceId":9,"rssi":54,"payload":"1e16c6fc02003f916f4e90c1348f76cb1d00098ccf221aa0d7f43ade79a5e3"}]}
I (41679) GATEWAY: (swx_gateway_prepare_submit_uplink_data)(C0) publishing gateway MQTT uplink data (#0); topic: data/445753099793/swxb-918-f412fad6963c

I (41629) mbedtls: ssl_msg.c:5782 0x3fcb4954: => read

I (41719) mbedtls: ssl_msg.c:4189 0x3fcb4954: => read record

I (41729) mbedtls: ssl_msg.c:2155 0x3fcb4954: => fetch input

I (41729) mbedtls: ssl_msg.c:2295 0x3fcb4954: in_left: 0, nb_want: 5

I (41739) mbedtls: ssl_msg.c:2315 0x3fcb4954: in_left: 0, nb_want: 5

I (41749) mbedtls: ssl_msg.c:2318 0x3fcb4954: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

I (41759) mbedtls: ssl_msg.c:2340 0x3fcb4954: <= fetch input

D (41769) mbedtls: ssl_msg.c:3857 0x3fcb4954: input record: msgtype = 23, version = [0x303], msglen = 26

I (41769) mbedtls: ssl_msg.c:2155 0x3fcb4954: => fetch input

I (41779) mbedtls: ssl_msg.c:2295 0x3fcb4954: in_left: 5, nb_want: 31

I (41789) mbedtls: ssl_msg.c:2315 0x3fcb4954: in_left: 5, nb_want: 31

I (41799) mbedtls: ssl_msg.c:2318 0x3fcb4954: ssl->f_recv(_timeout)() returned 26 (-0xffffffe6)

I (41809) mbedtls: ssl_msg.c:2340 0x3fcb4954: <= fetch input

I (41809) mbedtls: ssl_msg.c:1510 0x3fcb4954: => decrypt buf

I (41819) mbedtls: ssl_msg.c:2121 0x3fcb4954: <= decrypt buf

I (41829) mbedtls: ssl_msg.c:4261 0x3fcb4954: <= read record

I (41829) mbedtls: ssl_msg.c:5942 0x3fcb4954: <= read

I (41839) mbedtls: ssl_msg.c:6044 0x3fcb4954: => write

I (41839) mbedtls: ssl_msg.c:2943 0x3fcb4954: => write record

I (41849) mbedtls: ssl_msg.c:935 0x3fcb4954: => encrypt buf

D (41859) mbedtls: ssl_msg.c:1189 0x3fcb4954: before encrypt: msglen = 5, including 0 bytes of padding

I (41869) mbedtls: ssl_msg.c:1474 0x3fcb4954: <= encrypt buf

D (41869) mbedtls: ssl_msg.c:3027 0x3fcb4954: output record: msgtype = 23, version = [3:3], msglen = 29

I (41879) mbedtls: ssl_msg.c:2353 0x3fcb4954: => flush output

I (41889) mbedtls: ssl_msg.c:2367 0x3fcb4954: message length: 34, out_left: 34

I (41899) mbedtls: ssl_msg.c:2374 0x3fcb4954: ssl->f_send() returned 34 (-0xffffffde)

I (41909) mbedtls: ssl_msg.c:2401 0x3fcb4954: <= flush output

I (41909) mbedtls: ssl_msg.c:3080 0x3fcb4954: <= write record

I (41919) mbedtls: ssl_msg.c:6066 0x3fcb4954: <= write

I (41929) mbedtls: ssl_msg.c:6044 0x3fcb4954: => write

I (41929) mbedtls: ssl_msg.c:2943 0x3fcb4954: => write record

I (41939) mbedtls: ssl_msg.c:935 0x3fcb4954: => encrypt buf

D (41939) mbedtls: ssl_msg.c:1189 0x3fcb4954: before encrypt: msglen = 39, including 0 bytes of padding

I (41949) mbedtls: ssl_msg.c:1474 0x3fcb4954: <= encrypt buf

D (41959) mbedtls: ssl_msg.c:3027 0x3fcb4954: output record: msgtype = 23, version = [3:3], msglen = 63

I (41969) mbedtls: ssl_msg.c:2353 0x3fcb4954: => flush output

I (41979) mbedtls: ssl_msg.c:2367 0x3fcb4954: message length: 68, out_left: 68

V (41929) GATEWAY: (swx_gateway_prepare_uplink_data)(C0) added BLE message in uplink data hash table
I (41989) mbedtls: ssl_msg.c:2374 0x3fcb4954: ssl->f_send() returned 68 (-0xffffffbc)

I (41999) mbedtls: ssl_msg.c:2401 0x3fcb4954: <= flush output

I (42009) mbedtls: ssl_msg.c:3080 0x3fcb4954: <= write record

I (42019) mbedtls: ssl_msg.c:6066 0x3fcb4954: <= write

I (42019) mbedtls: ssl_msg.c:6044 0x3fcb4954: => write

I (42029) mbedtls: ssl_msg.c:2943 0x3fcb4954: => write record

I (42039) mbedtls: ssl_msg.c:935 0x3fcb4954: => encrypt buf

D (42039) mbedtls: ssl_msg.c:1189 0x3fcb4954: before encrypt: msglen = 1688, including 0 bytes of padding

I (42049) mbedtls: ssl_msg.c:1474 0x3fcb4954: <= encrypt buf

D (42059) mbedtls: ssl_msg.c:3027 0x3fcb4954: output record: msgtype = 23, version = [3:3], msglen = 1712

I (42069) mbedtls: ssl_msg.c:2353 0x3fcb4954: => flush output

I (42069) mbedtls: ssl_msg.c:2367 0x3fcb4954: message length: 1717, out_left: 1717

I (42089) mbedtls: ssl_msg.c:2374 0x3fcb4954: ssl->f_send() returned 1717 (-0xfffff94b)

I (42089) mbedtls: ssl_msg.c:2401 0x3fcb4954: <= flush output

I (42099) mbedtls: ssl_msg.c:3080 0x3fcb4954: <= write record

I (42099) mbedtls: ssl_msg.c:6066 0x3fcb4954: <= write

D (42109) GATEWAY: (swx_gateway_uplink_publish_complete_cb)(C0) gateway uplink data publish callback (#0); return code: MQTTSuccess
I (42119) mbedtls: ssl_msg.c:5782 0x3fcb4954: => read

I (42129) mbedtls: ssl_msg.c:4189 0x3fcb4954: => read record

I (42139) mbedtls: ssl_msg.c:2155 0x3fcb4954: => fetch input

I (42139) mbedtls: ssl_msg.c:2295 0x3fcb4954: in_left: 0, nb_want: 5

I (42149) mbedtls: ssl_msg.c:2315 0x3fcb4954: in_left: 0, nb_want: 5

I (42529) mbedtls: ssl_msg.c:5782 0x3fcb4954: => read

I (42529) mbedtls: ssl_msg.c:4189 0x3fcb4954: => read record

I (42539) mbedtls: ssl_msg.c:2155 0x3fcb4954: => fetch input

I (42539) mbedtls: ssl_msg.c:2295 0x3fcb4954: in_left: 0, nb_want: 5

I (42549) mbedtls: ssl_msg.c:2315 0x3fcb4954: in_left: 0, nb_want: 5

I (42559) mbedtls: ssl_msg.c:2318 0x3fcb4954: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

I (42569) mbedtls: ssl_msg.c:2340 0x3fcb4954: <= fetch input

D (42569) mbedtls: ssl_msg.c:3857 0x3fcb4954: input record: msgtype = 21, version = [0x303], msglen = 26

I (42579) mbedtls: ssl_msg.c:2155 0x3fcb4954: => fetch input

I (42589) mbedtls: ssl_msg.c:2295 0x3fcb4954: in_left: 5, nb_want: 31

I (42599) mbedtls: ssl_msg.c:2315 0x3fcb4954: in_left: 5, nb_want: 31

I (42599) mbedtls: ssl_msg.c:2318 0x3fcb4954: ssl->f_recv(_timeout)() returned 26 (-0xffffffe6)

I (42609) mbedtls: ssl_msg.c:2340 0x3fcb4954: <= fetch input

I (42619) mbedtls: ssl_msg.c:1510 0x3fcb4954: => decrypt buf

I (42629) mbedtls: ssl_msg.c:2121 0x3fcb4954: <= decrypt buf

I (42629) mbedtls: ssl_msg.c:5092 0x3fcb4954: got an alert message, type: [1:0]

I (42639) mbedtls: ssl_msg.c:5106 0x3fcb4954: is a close notify message

W (42649) mbedtls: ssl_msg.c:4244 0x3fcb4954: mbedtls_ssl_handle_message_type() returned -30848 (-0x7880)

W (42659) mbedtls: ssl_msg.c:5842 0x3fcb4954: mbedtls_ssl_read_record() returned -30848 (-0x7880)

E (42669) NETWORK-TRANSPORT: connection closed
E (42669) coreMQTT: Call to receiveSingleIteration failed. Status=MQTTRecvFailed
W (42679) MQTT-AGENT: (mqtt_agent_command_loop_task)(C0) command MQTTAgent_CommandLoop exited with mqtt_status (MQTTRecvFailed)
E (42689) MQTT-AGENT: (mqtt_agent_command_loop_task)(C0) detected ungraceful disconnection from  MQTT broker

I (42719) mbedtls: ssl_msg.c:6044 0x3fcb4954: => write

I (42719) mbedtls: ssl_msg.c:2943 0x3fcb4954: => write record

I (42729) mbedtls: ssl_msg.c:935 0x3fcb4954: => encrypt buf

D (42729) mbedtls: ssl_msg.c:1189 0x3fcb4954: before encrypt: msglen = 2, including 0 bytes of padding

I (42739) mbedtls: ssl_msg.c:1474 0x3fcb4954: <= encrypt buf

D (42749) mbedtls: ssl_msg.c:3027 0x3fcb4954: output record: msgtype = 23, version = [3:3], msglen = 26

I (42759) mbedtls: ssl_msg.c:2353 0x3fcb4954: => flush output

I (42769) mbedtls: ssl_msg.c:2367 0x3fcb4954: message length: 31, out_left: 31

I (42779) mbedtls: ssl_msg.c:2374 0x3fcb4954: ssl->f_send() returned 31 (-0xffffffe1)

I (42779) mbedtls: ssl_msg.c:2401 0x3fcb4954: <= flush output

I (42789) mbedtls: ssl_msg.c:3080 0x3fcb4954: <= write record

I (42799) mbedtls: ssl_msg.c:6066 0x3fcb4954: <= write

D (42799) MQTT-AGENT: (swx_mqtt_agent_disconnect)(C0) disconnecting TLS socket for MQTT broker connection

Hi @AaronTLFranz! Have you meanwhile been able to spot the problem? Thanks!

Hi @rodmaz,

Thank you for the details.

Your logs show the TLS communication information, but not the MQTT communication details. As you’ve mentioned, the client connects successfully, which means the issue is not related to TLS, as TLS is only used to establish the connection. Since the connection is already established, the problem must lie within the MQTT layer, specifically during the PUBLISH attempt.

Could you please confirm the QoS level of the PUBLISH message your client is sending? If it is QoS 1 or 2, you can fetch the PUBACK packet from the broker and analyze the returned REASON CODE. This code will indicate which issue occurred with the PUBLISH.

It’s possible that the client may not have permission to publish to the topic with the given QoS. According to the MQTT specification, if the client does not have the proper permissions for publishing at the requested QoS level, it should be disconnected by the server.

Let me know if you need further assistance.

Best regards,
Dasha from The HiveMQ Team